From: Warren Young
Date: September 5 2008 7:31pm
Subject: Re: How to protect database information in open source projects
List-Archive: http://lists.mysql.com/plusplus/7932
Message-Id: <48C188FC.5090502@etr-usa.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit
Jean-Sebastien Stoezel wrote:
>
> While I will be distributing the source code - which as you underline
> it - can be reviewed and modified by any user, the database this code
> is supposed to access will be shared by all the users. This is not a
> database that will run locally on the users' machine. This will be a
> remote common place to gather information about the users.
In that case, I recommend a standard 3-tier architecture: the client
talks to a server you write which in turn talks to the database server.
The protocol between the first two tiers can be any sort of networked
IPC or RPC you like: HTTP, XML-RPC, ONC RPC, UDP packets, a custom TCP
protocol, whatever. You need to be careful how you choose or design the
protocol, because it will affect how easy it is to validate the incoming
client requests.
The middle tier program inspects each incoming request, and updates the
database if it looks sane. You build it with the same sort of sanity
checking you would use in the server-side code of a web application. In
addition to the validation, this lets you provide a much more
restrictive API than libmysqlclient. Your users can only do what your
protocol allows.
The middle tier program must reside on hardware you control for this to
do you any good. Unless your load is so heavy you need to partition the
server parts so they live on two different machines, it goes on the same
machine as the DB server.